Microsoft has released two updates to address vulnerabilities in Windows and Visual Studio that were basically remote code execution (RCE) flaws, allowing hackers to execute code on impacted systems. The new security patches arrived after the tech giant issued ‘October 2020 Patch Tuesday' that fixes 87 vulnerabilities.
Microsoft researchers report that the systems running the Windows 10 Anniversary Update were shielded from the two exploits, reports ZDNet. The first bug, tracked as CVE-2020-17022, can help hackers create malicious images that, when processed by an app running on top of Windows, can allow the attacker to execute code on an unpatched Windows OS.
The second bug, named as CVE-2020-17023, can help attackers craft malicious ‘package.json' files that, when loaded in Visual Studio Code, can execute malicious code. Last week, Microsoft also patched 87 vulnerabilities across a wide range of Microsoft products.
The most dangerous bug patched is CVE-2020-16898. Described as a RCE vulnerability in the Windows TCP/IP stack, this bug can allow attackers to take over Windows systems by sending malicious packets to an unpatched computer via a network connection. Microsoft last month fixed nearly 130 security vulnerabilities in its Windows operating system and supported software.